Software licensing: How small print can add up to huge costs from software license audits

Practically no one reads software licensing agreements, but the terms they set allow software companies to access your computer network for an audit. And when they decide they want an audit, software companies may attempt to gather information without executive management knowing.

“They will send the audit request in an email because a formal letter has a greater chance of going up the chain to management. The email will say the audit right is in the contract and to run the attached script on your computer system,” says Jason H. Beehler, an associate with Kegler, Brown, Hill & Ritter.

“That script was created to find as much usage as possible. It will look for any occurrence of the software’s name, even if it has no correlation to the installation of the software. The company, usually without thinking, will go ahead and run it and it comes back with an unbelievable number. All of a sudden the software company is asking for $100,000 or $500,000 or more, depending on how extensive they allege the overuse is,” says Beehler.

Smart Business spoke with Beehler about procedures companies should follow to manage software licenses and what to do if a software company requests an audit.

How should companies respond to an audit request?

Treat it like an audit request from the IRS. Whoever receives the request should notify someone on the executive side — CEO, CFO, CIO — and the executive should contact in-house or outside counsel to review the licensing agreement and understand the company’s rights. What is the script designed to look for? Is the license agreement valid and enforceable?

You also want to make sure that, before any audit request comes in, the person who manages software purchases is proactively tracking software licenses and usage. A person may have moved on to another job or department and the copy still exists, although no one is using it. Simply removing software from computers prior to the audit can legitimately decrease your exposure by reducing the number of users.

Often employees have software programs they don’t use. From an IT perspective, it’s easier to create a master template for a desktop software suite that is loaded on computers. You may have what registers as 100 users of the software, but the number of people actually using it is 15.

What if the script has been run?

If you get a letter that says you owe $200,000, contact your counsel, and then together you can call the software company’s general counsel and see if you can negotiate. It could be that $60,000 of that total is interest and, of the remaining $140,000, maybe half corresponds to the actual number of unpurchased licenses in use. If there’s legitimate overuse, you can structure a settlement and offer to pay over a period of some months or years.

If you can’t reach a settlement, consider filing suit before the software company files, so you can choose the court. It’s much better to fight on your turf and your terms. When you file, the software company may very well countersue for copyright infringement and breach of contract. But at least you will define the case on your terms, and you may not have to litigate in the software company’s backyard.

Are more software audits being conducted?

Yes. It could be a function of a difficult economy, either because the software companies are feeling the pinch or because they suspect that users may be engaging in unauthorized copying in order to save money. The prevalence of downloaded software presents an opportunity for software companies if they suspect people aren’t tracking their licenses well.

IT experts say software companies could put controls in place to prevent unauthorized copying. That’s what makes these claims interesting, and that issue should be explored if it comes to litigation. The argument that the software company had an opportunity to prevent copying and now seeks damages for activity it could have stopped could be a significant issue at trial.